Run EXE software using App in Windows IIS

I hosted my Django app on Windows IIS in Windows Server 2022 Standard

But my application has a feature that opens software (.exe) and run specific user tasks provided in the request of the site.

For example, a user provides some input from my site, and then it processes it with my app by opening software using python code in views.py

script_path = "C:\inetpub\wwwroot\webapp\script\runthescript.py"
subprocess.run(["C:/Program Files/My Soft/Soft.exe", "-runScriptFile", script_path])

MY PROBLEM

When I tested my application locally using python manage.py runserver it was working due to admin privileges and session 1 access, but the same when I tried after hosting with IIS then everything working except software to start.

WHAT I TRIED:

I tried providing my AppPool Identity as (IIS APPPOOL\webapp) Administrator privileges.

Tried using Task Scheduler, but it works with the background process but not with the GUI app.

ISSUE

When I googled it, I found that it is due to privileges and session 0 access. IIS has only session 0 isolation so that it is unable to access GUI.

Your small help, idea or suggestion definitely be helpful for me. :)

I've encountered a similar challenge while running a Linux executable on an Ubuntu server with Django.

The issue you're facing with Django on Windows IIS is a fundamental Windows security feature called "Session 0 Isolation". When I implemented similar functionality on Ubuntu with Django, the permission model was completely different, but here's how I would approach this on Windows Server 2022.

On Ubuntu servers with Django, we typically worry about file permissions and executable bits. However, on Windows Server with IIS, you're facing a different challenge. Your application is running in "Session 0" - a specialized Windows session where services run isolated from user interfaces. This isolation was introduced as a security measure to prevent shatter attacks starting with Windows Vista and Server 2008.

When you run your Django app locally with manage.py runserver, it operates in your interactive user session (Session 1 or higher) with full GUI capabilities. But when hosted on IIS, it's confined to Session 0, which cannot display GUI elements to users by default.

Use FireDaemon Zero

In the Linux world, I would use systemd service files with appropriate user permissions. On Windows, FireDaemon Zero is a specialized tool designed specifically to address Session 0 isolation issues. It allows applications running in Session 0 to display their interface to users.

Create a Windows Service Wrapper

On Ubuntu, I'd typically create a systemd service with proper execution rights. The Windows equivalent is to create a Windows service that runs your EXE:

// Service wrapper code that can launch GUI apps
using System.ServiceProcess;
using System.Diagnostics;

public class ExeService : ServiceBase
{
    protected override void OnStart(string[] args)
    {
        ProcessStartInfo startInfo = new ProcessStartInfo();
        startInfo.FileName = @"C:\Program Files\My Soft\Soft.exe";
        startInfo.Arguments = "-runScriptFile C:\\path\\to\\script.py";
        startInfo.UseShellExecute = true;
        startInfo.CreateNoWindow = false;
        Process.Start(startInfo);
    }
}

For IIS, specifically:

  1. Give your AppPool Identity proper permissions in Windows Security (GUI or icacls command)

  2. Configure the application pool to run as a specific user with desktop access

  3. Consider delegating IIS Manager permissions for application management

Back to Top